- Pharmaceutical company Merck & Co. had $135 million in lost sales and $175 million in additional costs during Q3 following impacts from June's Nyetya cyberattack, the company reported during its earnings call Friday. Merck anticipates a similar financial impact in Q4.
- Merck also had to borrow $240 million of Gardasil vaccine from a CDC stockpile to meet its Q3 shipments after the cyberattack caused a temporary shut down in production and the company experienced increased demand, according to the earnings call.
- Once Merck replenishes the Gardasil stockpile, it will recognize the revenue from the borrowed shipments, which the company expects will happen in the second half of 2018. Merck would have had quarterly growth were it not for the June cyberattack.
The pharma company was quick to highlight its "strong performance" even after an eventful year, which included natural disasters and the isolated Q2 cybersecurity incident. But what is notable are the lasting impacts following the Nyetya attack in June.
Already Merck has had $310 million in costs and expects a similar amount in Q4.
Cyberattacks are increasingly having a financial impact on companies. Data breaches aside, which can cripple a company's reputation and spur a whole-stack technology review, more companies across sectors are suffering from global cyberattacks. Rather than briefly disrupting service, the attacks are targeting back-end systems that can derail production and the supply chain.
Because of Nyetya, Mondelez International had to cut its Q2 revenue growth 3% and shipping giant A.P. Moller-Maersk lost $300 million in Q3 revenue. Because of the rippling effects of supply chain disruption, isolated cybersecurity incidents have long-lasting impacts. The more prevalent global attacks become, the more companies across sectors will turn to response strategies.